Re: 2003 DNS Server issue that isn't present using 2000 DNS Server


From: ec (no_at_no.com)
Date: 04/22/04


Date: Wed, 21 Apr 2004 22:23:41 -0700


"Kevin D. Goodknecht [MVP]" <admin@nospam.WFTX.US> wrote in message
news:Ov9etRBKEHA.2776@TK2MSFTNGP12.phx.gbl...
> In news:sOFhc.26733$L75.12532@fed1read06,
> ec <no@no.com> posted a question
> Then Kevin replied below:
> > Ok, here is one I haven't seen before. I have DNS configured in my
> > 2003 AD Domain on two servers. All of my Domain DNS functions work
> > perfectly, no problems. My clients get IPs via DHCP, and are pointed
> > at my two internal DNS servers. Those 2 servers are Windows 2003, and
> > are configured to forward to my 2 ISP DNS servers. Internet
> > resolution is working fine. I started noticing an issue on my
> > Exchange server when a few queues were filling up undelivered to
> > certain domains such as ibm.com, sprintmail.com, and earthlink.net. I
> > did nslookup on these domains on the DNS servers, no problems.
> > However, if I "set type=mx", it will time out, which explains why the
> > Exchange server can't get the mail server IP for those domains. I did
> > a sniff, and saw my DNS server sending packets 1st to the ISP DNS,
> > then to the root servers asking for the mx. No replies came in from
> > either. Keep in mind this is only happening on a few Domains so far.
> > I can run nslookup set type=mx on HUNDREDS of Domains with no
> > problem. Exchange is sending and receiving mail with most Domains.
> > So far just the three I mentioned aren't getting resolved. Here is
> > the stranger part! If I install DNS for a test real quick on one of
> > my Windows 2000 servers, and run the same test, no problem! The ISP
> > DNS immediately returns back an answer. I even gave the 2k box the
> > same IP as the 2003 DNS box temporarily to make sure some filtering
> > wasn't happening upstream on a firewall or router. I have 4 2003
> > servers and install DNS on the other 2 that weren't already, SAME
> > PROBLEM! So, the issue seems to be with 2003 only. Why on Earth would
> > MX lookups work fine for most Domains but not those 3? ( so far ).
> > Remember, I can pull other records ( A, SoA are retrieved fine ) I am
> > lost on this one. Anyone?
>
> Most likely, it's your firewall, it probably doesn't support EDNS0
> extensions (UDP packets over 512 bytes) many firewalls reject these packets.
> They tend to be from domains with multiple MX records.
> 828731 - An External DNS Query May Cause an Error Message in Windows Server
> 2003
> http://support.microsoft.com/default.aspx?scid=kb;en-us;828731
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ============================
> --
> When responding to posts, please "Reply to Group" via your
> newsreader so that others may learn and benefit from your issue.
> To respond directly to me remove the nospam. from my email.
> ==========================================
> http://www.lonestaramerica.com/
> ==========================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ==========================================
> Keep a back up of your OE settings and folders with
> OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ==========================================
>
>

One other question... if the packet is FROM those Domains with large amounts
of MX records... why does it work with that setting turned off? What "extra
data" am I missing?
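
The exchange discussed in this thread, as an added example that is not part of the original posts: the EDNS0 OPT record is carried in the query and advertises how large a UDP reply the sender accepts, so it changes the size of the reply that has to cross the firewall. The function names, the 1280-byte advertised size, the 700-byte MX answer and the 512-byte firewall limit are assumptions constructed for the model.

```python
import struct

def build_mx_query(name, txid=0x1234, edns_size=None):
    """Build a DNS MX query; with edns_size set, append an EDNS0 OPT record."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = labels + struct.pack("!HH", 15, 1)        # QTYPE=MX, QCLASS=IN
    opt = b""
    if edns_size:
        # OPT pseudo-record: root name, TYPE=41, CLASS carries the UDP size
        # the sender can accept, TTL=0 (extended flags), RDLEN=0.
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Skip an uncompressed name (the queries built above never compress)."""
    while msg[pos] != 0:
        pos += msg[pos] + 1
    return pos + 1

def advertised_udp_size(query):
    """UDP payload size the query advertises; 512 when there is no OPT record."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(query, pos) + 4                  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == 41:                                  # OPT
            return max(rclass, 512)
        pos += 10 + rdlen
    return 512

def trace_lookup(query, full_answer_len, firewall_max_udp=512):
    """Model responder and firewall; return what the resolver experiences."""
    limit = advertised_udp_size(query)
    truncated = full_answer_len > limit                  # responder sets TC
    wire_len = limit if truncated else full_answer_len
    if wire_len > firewall_max_udp:
        return "dropped by firewall (resolver times out)"
    return "truncated, retry over TCP" if truncated else "answered over UDP"

# Constructed sample: a 700-byte MX answer, as a domain with many MX hosts might send.
BIG_MX_ANSWER = 700
```

With the OPT record present the 700-byte reply goes out whole and is dropped by a firewall that enforces 512 bytes; without it the responder stays within 512 bytes, so the reply gets through.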


